I forgot to tell. The LTM are used to balance between our two firewall to get access to the internet. The idea is block one website with irules and use it in the future to block any access to malicious IP addresses.
I am sorry, you said " you are checking the clients sourceIP and not the destinationIP" , but the irule you posted is using IP::local_addr. As far as I know local_addr is the client IP, that's why I used remote_add. The goal of my rule is to take the decision (drop) based on the destination IP.
If this is a outbound VS, client_addr would be the box on the private side of the VIS. remote_addr should be the destination address. local_addr is the VS address...not sure what that'd report for an outbound one.
As Chris and Stefan have suggested, IP::local_addr in CLIENT_ACCEPTED will return the LTM (client's destniation) address for the client connection. In CLIENT_ACCEPTED, IP::remote_addr will return the client IP.
Can you clarify the scenario more and let us know whether 188.8.131.52 is a pool member IP, a virtual server IP or you're using a wildcard virtual server?
I'm guessing the iRule Stefan posted will work for your scenario, as it will block connections through a wildcard virtual server destined to 184.108.40.206.